| Description: | Summary:
The remote host is missing an update for the 'kernel' package(s) announced via the SSA:2017-180-01 advisory.
Vulnerability Insight:
New kernel packages are available for Slackware 14.1 to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/linux-3.10.107/*: Upgraded.
This kernel fixes two 'Stack Clash' vulnerabilities reported by Qualys.
The first issue may allow attackers to execute arbitrary code with elevated
privileges. Failed attack attempts will likely result in denial-of-service
conditions. The second issue can be exploited to bypass certain security
restrictions and perform unauthorized actions.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
[links moved to references]
(* Security fix *)
In addition, a patch is included and preapplied to guard against other == sk
in unix_dgram_sendmsg. This bug has been known to cause Samba related stalls.
Thanks to Ben Stern for the bug report.
+--------------------------+
Affected Software/OS:
'kernel' package(s) on Slackware 14.1.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
